(54) Centralized authentication for authorising access to network peripheral devices



(57) Access control to a networked peripheral device by a walk-up user, wherein the networked peripheral device is accessible by both the walk-up user and a remote user, based on centralized access management information. Access control comprises receiving authenticated information for the walk-up user from the networked peripheral device at a centralized location, determining at the networked peripheral device a level of access to the networked peripheral device by the walk-up user based on received access management information for the walk-up user, and allowing the walk-up user to access the determined user-available features of the networked peripheral device based on the determined level of access.
Description

[0001] The invention relates to a centralized authentication mechanism. More particularly, the invention relates to use of a centralized authentication mechanism for providing user privileges information to a networked peripheral device.

[0002] Networked peripheral devices are typically multifunction devices that handle functions such as printing, scanning, copying or faxing and are often relied upon in performing enterprise level tasks. Controlling usage of a networked peripheral device means that a walk-up user of the device, i.e., one that gains access to the device locally at the device, or a remote user of the device, i.e., a non walk-up user, is allowed access to only those services and/or features available on the device that are authorized. For example, a user may have access to copying but not a printing service of a networked peripheral device that offers faxing, printing, copying and scanning services. Likewise, a user may only be allowed access to a black-and-white, but not a color printing feature of the printing service offered by the device.

[0003] Controlling usage of services and/or features offered by a networked peripheral device is often necessary for economic as well as other reasons. For example, color ink cartridges containing ink for color printing typically cost significantly more than black ink cartridges that are used for black and white printing. It may therefore be desirable to limit access to color printing features of a printer in order to save costs.
[0004] One conventional approach to controlling access to a networked peripheral device by a non-enterprise user is to program each device separately as to the access privileges of the user. This approach requires presence of an input mechanism such as a keyboard or a magnetic card reader on the device through which the user logs into the device. Following login by the user, the device examines the user's access privileges, which are maintained by the device, and allows the user access to the device based on the programmed information concerning the user's access privileges. Adoption of this approach is cumbersome since it requires separate programming of each networked peripheral device and reprogramming of each device in response to changes in access policy.

[0005] Another conventional approach to controlling access to a networked peripheral device by a non-enterprise user is to program user access privileges on a keycard that is carried by the user. Upon swiping the keycard on a card reader installed on the device, the user access policy is transmitted from the card to the device. The user is then allowed to use the device in accordance with the limitations contained in the user access policy. This approach also suffers from the drawback suffered by the previous alternative in that each individual card needs to be programmed in order to encode user access policy and reprogrammed each time the policy is revised as to that user. It would therefore be beneficial to be able to control and customize access to services and/or features of a networked peripheral device by a non-enterprise user using a centralized mechanism, which provides both enterprise user authentication and non-enterprise user authentication and access privilege information to manage device/resource usage, at the enterprise level.

[0006] The present invention addresses the above inadequacies by providing a centralized level of access management to networked peripheral devices for both walk-up and remote users in order to prevent unauthorized use by a non-enterprise user of services and/or features that are available on a device based on authentication of the user at the device.
[0007] In one aspect, the invention concerns creating a context-sensitive user interface for a networked peripheral device. The user supplies authentication information to a device via any input means including, but not limited to, a keypad, a smart card, or any other input method that is supported by the device. The device communicates the authentication information provided by the user to an authentication server, which provides authentication services for both walk-up and remote users of the device, and where networked peripheral device access policy information for users is stored. Access policy information is in turn transmitted to the device, which determines the level of access of a user based on the received access policy information.
[0008] The access policy information may concern access to a service offered by the networked peripheral device itself or to certain features of services available on the device. Upon authentication of the user by the authentication server, the information (e.g., privilege information or other access policy information) about the user's level of access to the device is passed back to the device. The device determines the user's access to services/features of the device based on the privilege information supplied by the authentication server. The device can create a customized user interface such as a customized service menu for the user that incorporates access policy information for the user. The customized service menu is then displayed on the device, allowing the user access to the determined features.
[0009] Providing a centralized location for access management information for use by a networked peripheral device in order to prevent unauthorized use of device services/features based on authentication of the user addresses the current problems associated with controlling access to a networked peripheral device by a walk-up user and eliminates the need for individual programming of each device or keycard in response to changes in access policy.

[0010] This brief summary has been provided so that the nature of the invention may be understood quickly. A more complete understanding of the invention can be obtained by reference to the following detailed description of preferred embodiments which are described by way of example only with reference to the attached drawings in which:

Figure 1 is a view showing the outward appearance of a representative hardware embodying the present invention.

Figure 2 is a detailed block diagram showing the internal architecture of the computer shown in Figure 1 in accordance with an embodiment of the present invention.

Figure 3 is a block diagram showing an overview of components for use in managing and/or controlling access to network peripheral devices according to an embodiment of the present invention.

Figure 4 illustrates a flow diagram of process steps to manage and/or control access to a networked peripheral device by a walk-up user according to an embodiment of the present invention.

Figure 5 is a screen shot of the display screen showing a UI at a stage prior to walk-up user login to the device.

Figure 6 is a screen shot of the display screen showing a UI through which a walk-up user would log into the device.

Figure 7 is a screen shot of the display screen showing a customized service menu corresponding to services/features available to a walk-up user.

Figure 8 is a screen shot of the display screen showing another customized service menu corresponding to services/features available to a walk-up user.

Figure 9 is a screen shot of the display screen showing a UI through which walk-up user would log out of the device.

Figure 10 illustrates a flow diagram of process steps of a networked peripheral device to manage and/or control access to the device by a walk-up user according to an embodiment of the present invention.

Figure 11 illustrates a flow diagram of process steps to manage and/or control access to a networked peripheral device by a remote user according to an embodiment of the present invention.

Figure 12 illustrates a flow diagram of process steps of a networked peripheral device to manage and/or control access to the device by a remote user according to an embodiment of the present invention.

Figure 13 illustrates a flow diagram of process steps of a server to manage and/or control access to the device by a remote user or a walk-up user according to an embodiment of the present invention.

[0011] Figure 1 is a view showing the outward appearance of a representative hardware embodying the present invention. Computing equipment 1 includes host processor 9 comprising a personal computer (hereinafter "PC") preferably having a windowing operating system such as Microsoft Windows 2000®, Windows ME®, etc. Provided with the computing equipment 1 are color monitor 2 including display screen 10, keyboard 4 for entering text data and user commands, and pointing device 16. Pointing device 16 preferably comprises a mouse, for pointing, selecting and manipulating objects displayed on display screen 10.

[0012] Computing equipment 1 includes a computer-readable memory medium such as a fixed disk 17 and/or floppy disk drive 20 and/or CD-ROM drive 19. Such computer readable memory media allow computing equipment 1 to access information such as user-related data, computer executable process steps, application programs, and the like, stored on removable and non-removable memory media. In addition, computing equipment 1 is connected to server 8 through an enterprise network 7 and can acquire information and application programs from the server 8 through network 7. Enterprise network is preferably an Intranet but can also be a Local Area Network (LAN), a Wide Area Network (WAN) or the Internet, for example. The computing equipment 1 is connected to networked peripheral device 6 through the network 7. Device 6 includes one or more buttons 11, which may be programmable. As is discussed in more detail below, buttons 11 may be enabled or disabled by device 6 depending on the received access policy.

[0013] Like computing equipment, server 8 is a computer preferably having a windowing operating system. The server 8 has a storage device 41, which is preferably a large fixed disk for storing files. While device 41 is shown to be external to server 8, it need not be. Other devices on the network 7 can therefore use the server 8 as a file server and for storing applications such as an authenticator configured to authenticate a user and for storing user and device configuration information on a directory service, which is described in more detail with reference to Figure 3, and which directory service contains such information as user account information and access policy information. The directory service is preferably a Microsoft Active Directory, which is a component of the Windows 2000® that provides directory services to a Windows environment. In addition to providing for central management and sharing of information on network resources and users, Microsoft Active Directory® acts as the central authority for network security that will be discussed below with reference to Figure 4.
[0014] The interface between the directory service, which contains authentication and access policy information, and other components is provided by the authenticator, a component of server 8, which is responsible for authenticating users and providing access management information stored on the directory service. The authenticator is preferably located on server 8 with the directory service, but can also be implemented on a remote system or server.

[0015] Figure 2 is a detailed block diagram showing the internal architecture of computing equipment 1. As shown in Figure 2, computing equipment 1 includes central processing unit ("CPU") 20 that interfaces with computer bus 25. Also interfacing with computer bus 25 are fixed disk 3, network interface 21 for accessing network 7, random access memory ("RAM") 30 for use as main memory, read only memory ("ROM") 29, floppy disk interface 28, CD-ROM interface 24, display interface 26 to monitor 10, keyboard interface 22 to keyboard 4, mouse interface 27 to pointing device 16, and peripheral device interface 23 to a stand alone, non-networked device 6.

[0016] Main memory 30 interfaces with computer bus 25 so as to provide RAM storage to CPU 20 during execution of software programs such as the operating system, application programs, and device drivers. More specifically, CPU 20 loads computer-executable process steps from disk 3 or other memory media into a region of main memory 30, and thereafter executes the stored process steps from main memory 30 in order to execute software programs. Data can be stored in main memory 29, where the data can be accessed by CPU 20 during execution. As also shown in Figure 2, fixed disk 3 contains a windowing operating system 51, application programs 52 such as application word processing, spreadsheet, database, imaging, graphics, etc. applications, and device drivers 53 such as networked peripheral device driver 54.

[0017] Figure 3 is a block diagram showing an overview of components for use in managing and/or controlling access to network peripheral devices according to an embodiment of the present invention. Briefly, server 8 includes a host processor (not shown) that has a windowing operating system. The server 8 uses storage device 41, which is preferably a large fixed disk for storing numerous files, to store directory service 47. Directory service 47 contains user access policy information and other information such as user authorization information. Access policy information refers to access control information (e.g., rules) that has been defined at an enterprise level concerning user access to services/features available on the networked peripheral device 6. For example, a user may have access to a copying but not a printing service of a multifunction networked peripheral device 6 that offers faxing, printing, copying and scanning services. Likewise, a user may only be allowed access to a black-and-white printing feature, but not a color printing feature, of a printing service available on the device 6.



[0018] The device 6 includes an access controller 66, which allows the user to access the device consistent with the determined level of access. Access controller is preferably an embedded computer system with an internal architecture similar to that shown in Figure 2 including some or all of the interfaces shown. The access controller 66 controls user access to services/features available on the device 6 based on the access policy information provided to it by server 8. Access controller 66 may enforce the access policy associated with a user through creation of a user interface that is customized according to the user's level of access. Alternatively, access controller 66 may disable/enable buttons (e.g., button 11) on, or displayed by, device 6. Of course, a combination of a user interface and button disabling/enabling may also be used. Device 6 further comprises the components needed to perform the services/features of the device 6. In a case of a multifunction device, for example, device 6 further comprises scanning, printing, faxing and copying components.

[0019] According to Figure 3, the server 8 is connected to the computing equipment 1 and to networked peripheral device 6 through an enterprise network 7. The networked peripheral device 6 is preferably a multifunction device that offers faxing, copying, printing and scanning services but may be any type of networked peripheral device. Each of the services offered by networked peripheral devices may include associated features. For example, printing may be available in color and black-and-white; scanning may be available in color, black-and-white and be available at various resolution levels. The following is an example of a structure of an enterprise access policy for use with a multi-functional networked peripheral device, which includes access/privilege information at both the service and feature levels.



Services   Features               Policy
Print      B/W                    Y/N
           Color                  Y/N
           Daily Quota (Pages)    0-2000
Scan       B/W                    Y/N
           Color                  Y/N
           Resolution             L, H/L, H
           Daily Quota (Pages)    0-100
Fax        Local                  Y/N
           Long Distance          Y/N
           Resolution             H, H/L, L
           Daily Quota (Pages)    0-200
Copy       B/W                    Y/N
           Color                  Y/N
           Resolution             H, H/L, L
           Daily Quota (Pages)    0-1500

[0020] In the above example, the print service includes black-and-white (i.e., B/W), color and daily quota features. The information under the policy column identifies whether or not the feature is available and/or a number from zero to two thousand that represents a daily quota (e.g., the number of pages the user is allowed). For example, a user may be limited to printing 200 pages in a single day.
[0021] In addition to features that are similar to those of the print service, the scan service is available at high (H), medium (H/L), and low (L) resolutions as indicated under the policy column (i.e., H, H/L, L). The daily quota feature for the scan service is between zero and one hundred pages. The Fax service includes local, long distance, and daily quota features. The information under the policy column identifies whether or not the feature is available and/or a number from zero to two hundred that represents the number of pages the user can fax. In addition to the features that are similar to those of the print service, the copy service is available at various H, H/L and L resolutions that are indicated under the policy column. The information under the policy column identifies whether or not the feature is available and/or a number from zero to two hundred that represents the number of pages the user can copy.
[0022] After the authenticator 48 has tested the user authentication information against the access policy information and transmitted the result back to the device 6, the access controller 66 determines the user's level of access to services/features available on the device 6 based on the access policy information received from the authenticator 48. The access controller 66 preferably enforces the enterprise access policy for the user by creating a customized user experience (e.g., customized UI, customized service menu) for the user. The customized service menu is then displayed on the device 6. Input/Output (I/O) unit 76 on the networked peripheral device 6 provides the customized service menu. I/O unit 76 may be an external unit that is attached to the device 6 but may also be built into the device 6, and may provide a display unit as well as input mechanism (e.g., keyboard and/or media reader).

[0023] The customized service menu allows the user to use the determined services and/or features available on the networked peripheral device 6 in accordance with enterprise access policy information for the user. The customized service menu is preferably displayed on a touch-screen that allows the user to activate the keys by touching virtual keys that are displayed on the screen on which the menu is displayed. In such a case, the user may gain access to the device 6 by activating the virtual keys that are displayed on the I/O unit 76 corresponding to available services/features on the device 6. However, keys can also be activated through other means such as use of a pointing device 16, where I/O unit 76 comprises computing equipment 1.

[0024] Generally, the I/O unit that is used at the device 6 can be non-integrated where the input and output functions are performed by separate units. For example, I/O unit 76 may comprise a separate keypad. I/O unit can also be integrated where the same unit performs both input and output functions. For example, I/O unit may be a touch screen that displays output including virtual keys that are activated in response to the user's touch.

[0025] A user of the networked peripheral device 6 can be a walk-up user or a remote user. A walk-up user is defined as one who gains access to the device 6 locally at the device. A remote user is a non-walk-up user. In the case of the walk-up user, as discussed in more detail with respect to Figure 4, the authentication information received by device 6 is transmitted from the device 6 to the authenticator 48 and device 6 receives access information policy from the authenticator 48. In the case of the remote user who may have already logged on to the network, device driver 54 requests access policy information that corresponds to the user and device 6 and provides authenticator 48 with user login and device information.

[0026] The authenticator 48 transmits access policy information to device driver 54. Authenticator 48 notifies device 6 of access policy associated with the authenticated user preferably along with the job, which was submitted by the user via device driver 54. If authenticator 48 is unable to authenticate a user based on the authentication information sent by device 6, it may send an "authentication failed" message or a "no services/features available" message, or both. Where the user is authenticated, the authenticator 48 forwards the access policy information along with the job request to the device 6. The device 6 then processes the job request to the extent it conforms to the access policy information.

[0027] Figure 4 illustrates a flow diagram of process steps to manage and/or control access to a networked peripheral device by a walk-up user according to an embodiment of the present invention. Before allowing the user to access the device 6, the request must be vouched for by a trusted application such as the authenticator 48, which is stored on the server 8. All authentication information is kept in a directory service 47 that exists on the server 8. A user initiates a job by providing authentication information to the networked peripheral device 6. The user can use any of the services that are available on the networked peripheral device 6, for which the user is authorized, and any feature corresponding to any of those services such as black-and-white or color features of a printing service, for which the user is authorized.

[0028] Since a walk-up user accesses the device directly, in step S301 a walk-up user provides authentication information to the device 6. Preferably, a single, universal sign-on functionality is in effect according to which the authentication information is the user's username and password. In any case, the same authentication information may be used to authenticate a user for other purposes (e.g., access to server 8, or files stored thereon). Advantageously, a universal sign-on avoids entry of separate, unique user names/passwords for login at the device 6 and for any other purposes for which authentication is a prerequisite.
[0029] Step S302 causes the device 6 to communicate the authentication information provided by the user to the authenticator 48, which in turn determines if the user is an authorized user. The authenticator 48 accomplishes this in step S303 by comparing or testing the authentication information provided by the user to access policy information stored in directory service 47. The enterprise access policy for the user may also be stored on the directory service 47 on the server 8.
[0030] Step S304 determines whether the user has been successful or unsuccessful in obtaining authentication from the authenticator 48. If the user is unsuccessful in obtaining authentication for the job request, the authenticator 48 preferably communicates this failure through an "access denied" message that is transmitted to the device 6 per step S305. If the user is successful in obtaining authentication, then in step S306 the authenticator 48 sends access policy information for the user back to the device 6.

[0031] The communication between the device 6 and the server 8 is conducted through a secure communication that minimizes chances of unauthorized access to the device by hackers. The preferred security mechanism implements an encryption mechanism for communications between the server 8 and the device 6. The encryption is preferably performed such that access information is stored at the directory service 47 in an encrypted form utilizing a cryptographic signing operation. The encrypted access policy information is then retrieved and sent by the authenticator 48 in an encrypted form to device 6, which decrypts the information upon receipt. In addition to encrypting access policy information, device 6 may encrypt authentication information before sending it to server 8.

[0032] Although the encryption is preferably performed such that the information stored at the directory service 47 is encrypted, it can alternatively be stored in non-encrypted form at the directory service 47. Accordingly, access policy information is stored in a non-encrypted form at the directory service 47 and is encrypted at the authenticator 48. Similarly, although the preferred security mechanism is an encryption mechanism, other feasible security mechanisms include transmission with secure socket layer ("SSL") capabilities, use of proprietary protocols for communications between the server 8 and the device 6, and use of proprietary mechanisms in connection with standard protocols.
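
The following Python sketch is an added example, not part of the original text. It shows one way device 6 could check that access policy information really came from the authenticator and was issued for this user, this device and this login, using HMAC-SHA256 with a pre-shared key as a stand-in for the "cryptographic signing operation" mentioned above. The message layout, function names, key provisioning and the 60-second freshness window are assumptions; confidentiality is left to the encryption or SSL transport the text describes.

```python
"""Integrity-protected policy message between authenticator and device."""
import hashlib
import hmac
import json

MAX_AGE_SECONDS = 60  # assumed freshness window for a policy message


def canonical(body):
    """Stable byte encoding of the body so both sides MAC identical bytes."""
    return json.dumps(body, sort_keys=True,
                      separators=(",", ":")).encode("utf-8")


def seal_policy(key, user, device_id, policy, issued_at):
    """Server side: bind the policy to one user, one device and a time."""
    body = {"user": user, "device": device_id,
            "issued_at": issued_at, "policy": policy}
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode("utf-8")


def open_policy(key, blob, user, device_id, now):
    """Device side: return the policy only if every check passes, else None.

    Any failure (malformed message, bad tag, wrong user or device, stale or
    future timestamp) yields None, so the caller shows no services at all.
    """
    try:
        message = json.loads(blob)
        body, tag = message["body"], message["tag"]
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        # Constant-time comparison of the received and recomputed tags.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    if not isinstance(body, dict):
        return None
    # A valid tag is not enough: the policy must be for this login and device,
    # otherwise a message captured for another user could be replayed here.
    if body.get("user") != user or body.get("device") != device_id:
        return None
    issued_at = body.get("issued_at")
    if not isinstance(issued_at, int):
        return None
    if not 0 <= now - issued_at <= MAX_AGE_SECONDS:
        return None
    return body.get("policy")


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    demo_key = b"k" * 32
    sealed = seal_policy(demo_key, "alice", "mfp-6",
                         {"print": {"color": False}}, 1000)
    print(open_policy(demo_key, sealed, "alice", "mfp-6", 1010))
    print(open_policy(demo_key, sealed.replace(b"false", b"true"),
                      "alice", "mfp-6", 1010))
```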
[0033] Once the device 6 obtains the user access policy information from the authentication server 8, the access controller 66 proceeds in step S307 to determine user access to services and/or features offered by the device 6 based on the access policy information received from the authenticator 48. The following is an example of user access policy information for a multi-functional networked peripheral device:
Services   Features         Policy
Print      B/W              Y
           Color            Y
           Daily Quota      150
Scan       B/W              Y
           Color            N
           Resolution       L
           Daily Quota      50
Fax        Local            Y
           Long Distance    N
           Resolution       H/L, L
           Daily Quota      25
Copy       B/W              Y
           Color            N
           Resolution       H, H/L, L
           Daily Quota      600


[0034] In the above example, the user is allowed to use both black-and-white and color features of the print service up to a daily maximum of 160 pages. The user can use the scan service for scanning up to 50 pages of black-and-white pages per day at low resolution, fax up to 25 pages a day as long as the faxes are not transmitted over long distance telephone line and are transmitted at medium or low resolution, and can use the copying service to make up to 500 black-and-white copies a day at all resolutions.
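
The following Python sketch is an added example, not part of the original text. It shows how an access controller could apply the example user policy from the table above: it builds the customized menu and checks each job against the permitted features, resolutions and daily quota, denying anything the policy does not explicitly allow. The dictionary layout, class and method names, and the on-device usage counter are assumptions; the quota values are the ones in the table.

```python
"""Device-side enforcement of a per-user access policy."""
from dataclasses import dataclass

# Policy values copied from the example table above. The dictionary layout,
# key names and the AccessController API are assumptions of this example.
USER_POLICY = {
    "print": {"modes": {"bw": True, "color": True}, "daily_quota": 150},
    "scan": {"modes": {"bw": True, "color": False},
             "resolutions": {"L"}, "daily_quota": 50},
    "fax": {"modes": {"local": True, "long_distance": False},
            "resolutions": {"H/L", "L"}, "daily_quota": 25},
    "copy": {"modes": {"bw": True, "color": False},
             "resolutions": {"H", "H/L", "L"}, "daily_quota": 600},
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class AccessController:
    """Applies the policy the authenticator returned for one logged-in user."""

    def __init__(self, policy):
        # None models a failed authentication: nothing is available.
        self.policy = policy or {}
        # Pages used today per service. Where usage is counted is not stated
        # on the page; a counter kept on the device is assumed here.
        self.used = {}

    def remaining(self, service):
        """Pages left today for a service; zero if the service is unknown."""
        rule = self.policy.get(service, {})
        return max(0, rule.get("daily_quota", 0) - self.used.get(service, 0))

    def menu(self):
        """Services and modes shown as active keys; all others stay greyed."""
        entries = {}
        for service, rule in self.policy.items():
            modes = sorted(m for m, ok in rule.get("modes", {}).items()
                           if ok is True)
            if modes and self.remaining(service) > 0:
                entries[service] = modes
        return entries

    def authorize(self, service, mode, pages, resolution=None):
        """Check one job against the policy without consuming quota."""
        rule = self.policy.get(service)
        if rule is None:
            return Decision(False, "service not in policy")
        if rule.get("modes", {}).get(mode) is not True:
            return Decision(False, "feature not permitted")
        allowed_res = rule.get("resolutions")
        # A service without a resolution row (print) is not constrained here.
        if allowed_res is not None and resolution not in allowed_res:
            return Decision(False, "resolution not permitted")
        if isinstance(pages, bool) or not isinstance(pages, int) or pages <= 0:
            return Decision(False, "invalid page count")
        if pages > self.remaining(service):
            return Decision(False, "daily quota exceeded")
        return Decision(True, "ok")

    def submit(self, service, mode, pages, resolution=None):
        """Authorize a job and, if allowed, charge it against the quota."""
        decision = self.authorize(service, mode, pages, resolution)
        if decision.allowed:
            self.used[service] = self.used.get(service, 0) + pages
        return decision


if __name__ == "__main__":
    ctl = AccessController(USER_POLICY)
    print(ctl.menu())
    for job in [("print", "color", 100), ("print", "bw", 51),
                ("scan", "color", 1, "L"), ("fax", "local", 5, "H")]:
        print(job, ctl.submit(*job))
```

The menu is only a presentation of the policy; `authorize` repeats every check on the job itself, so a request that bypasses the greyed-out keys is still refused.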

[0035] In step S308 the user is allowed access to services/features of the device 6 consistent with the determined level of access. This may be implemented by the access controller 66 through creation of a user interface, which includes selections based on the access policy information obtained for the particular user. Accordingly, the device 6 creates a customized user interface such as a customized service menu for the user that incorporates the access policy for the user. The customized service menu is then displayed on the device 6 with services/features appearing as virtual keys on the I/O unit 76.

[0036] Figures 5-9 are views of the display screen 10 showing changes in a UI at various stages of a walk-up user's interaction with the device 6.
[0037] Figure 5 is a screen shot of the display screen showing a UI before user seeks access to the device 6. As indicated, the device is locked and requires the walk-up user to log in.

[0038] Figure 6 is a screen shot of the display screen showing a UI through which user would log in to the device 6. In the example of Figure 6, the user logs in by providing a username and password, which are transmitted in a secure manner to server 8.
[0039] Figure 7 is a screen shot of the display screen showing a customized service menu corresponding to services/features available to a walk-up user. Buttons 800 at the top of the screen are preferably virtual (i.e., non-physical) buttons. In this case, they represent the services of device 6 that are available to the user (i.e., scanftp, logout, scopy). The portion below buttons 800 is area 701, which is a display of a job corresponding to the "scopy" service. The scopy service allows the user to scan and copy using device 6. The virtual buttons 702 on the right hand side of the screen correspond to available features (copy, number of pages, paper selection). That is, the user can copy, set the number of pages and select paper using buttons 702. Scroll buttons 703 allow the user to scroll through the job listings displayed in area 701.

[0040] Figure 8 is a screen shot of the display screen showing another example of a customized service menu corresponding to services/features available to a walk-up user. In the example of Figure 8, area 701 corresponds to a "Hold&Print" service of the device 6 and provides a list of "Hold&Print" jobs. The screen includes buttons 800, which, in this case, correspond to the "Hold & Print", "Scan FTP", and "Logout" services of device 6. The "Hold&Print" service allows the user to store up print jobs and to initiate printing of a stored job at device 6. The virtual buttons 802 on the right hand side of the screen correspond to available features (update list, print job and delete job). That is, the user can update/refresh list, print a job, or delete a job using buttons 802. Scroll buttons 703 allow the user to scroll through the job listing displayed in area 701.
[0041] Figure 9 is a screen shot of the display screen showing a UI through which walk-up user would log out of the device 6. Similar to Figure 8, the screen includes buttons 800, which, in this case, correspond to the "Scan FTP", "scopy", and "Logout" services of device 6.
[0042] In a case that the Ul Includes "unauthorized" 
selections, these selections may be disables such that 
the keys corresponding to unauthorized services/fea- 
tures are grayed out. The user then proceeds to use the 
device 6 In accordance with the detenmined level of ac- 
cess by activating non-grayed out keys that are dis- 
played on the I/O unit 76 preferably through a touch 
screen. 

[0043] Figure 10 illustrates a flow diagram of process
steps of a networked peripheral device to manage and/or
control access to the device by a walk-up user
according to the present invention. In step S1001 the
device 6 inquires into whether the user has provided
authentication information to the device 6 (e.g.,
authentication information received via the screen
depicted in Figure 6). A job is not initiated by the device
until such information is provided by the user.



[0044] Step S1002 causes the authentication information
entered by the user in step S1001 to be forwarded
to authenticator 48. The authenticator 48 compares or
tests the authentication information provided by the user
against access policy information that is stored in the
directory service 47, and transmits the results back to
the device 6. At step S1003, device 6 awaits the results
from the server 8. Step S1004 inquires into the user's
success in being authenticated by the authenticator 48
based on the results received from server 8.

[0045] Should the user be unsuccessful in obtaining
authentication, step S1005 causes an "access denied"
message to be displayed by the device 6, thus denying
the user access to any service/features of the device 6.
In case of successful authentication by the user for the
job requested, the device 6 determines the user's level
of access to the services/features of the device 6 based
on the received access policy information per step
S1006. Step S1007 causes the device 6 to create a
customized menu for the user based on the determined
level of access.

[0046] A remote user may access device 6, for example,
via a workstation such as computing equipment 1.
However, the process in which a remote user accesses
device 6 differs from that of a walk-up user. The following
example concerns a remote user who seeks to print
a job using device 6 from a workstation and an application
that exists on the workstation.

1. The user initiates a print operation from within the
application.

2. Device 6 determines the server 8 on which the
authenticator 48 is running.

3. A secure pipe is created between the print driver
and the authenticator 48, in which the authentication
information is sent to server 8.

4. The device driver 54 on the workstation transmits
a request to server 8 for access policy information.
The request identifies the user and device 6. Driver
also provides authentication in conjunction with the
request.

5. Authenticator 48 performs authentication and
based on the outcome of authentication transmits a
response (e.g., "access denied" or access policy
information) to device 6.

6. Driver forwards the received access policy
information to device 6 along with the job submitted by
the user.

[0047] Figure 11 illustrates a flow diagram of process
steps to manage and/or control access to a networked
peripheral device by a remote user according to an
embodiment of the present invention. The user logs into the
network 7 in step S1101. At step S1102 a determination
is made as to whether the user has initiated a job request.
Once the job request is initiated, device driver 54
requests access policy information that corresponds with
the user and for the device from server 8 and provides
authentication information to the server 8, per step S1103.
Authentication information is preferably provided via a
challenge and response mechanism, but can also be
provided through other means such as the user's username
and password.

[0048] In step S1104, the server 8 sends access policy
information back to the driver. Step S1105 causes
the driver to forward the access policy information along
with the job request to the device 6. In step S1106, the
device 6 determines the user's level of access based on
the received access policy information. In step S1107,
the device 6 compares or tests the requested
services/features against the user's level of access to
determine whether the user's request conforms to the
user's level of access.

[0049] A determination that the user's job request
does not conform to the user's determined level of
access results in an "access denied" condition, per step
S1108, thus denying the user's job request. Preferably,
a message is sent to the user's workstation to alert the
user of the "access denied" condition. Should the inquiry
in step S1107 result in the determination that the user's
job request does conform to the user's determined level
of access, then step S1109 causes the device 6 to
perform the requested job in accordance with the
determined level of access.

[0050] Figure 11 provides a general overview of steps
performed to control/manage access to device 6. Figure
12 illustrates the perspective of device 6. That is, Figure
12 illustrates a flow diagram of process steps for a
networked peripheral device to manage and/or control
access to the device by a remote user according to the
present invention. In order to process a job that is
remotely sent to a device 6, the device 6 needs to have
both the requested services/features and the access
policy information for the user. The job that is submitted
by the user identifies the requested services/features.
Device driver 54 provides the access policy information,
which it received from server 8 as part of the job stream
sent to device 6.

[0051] In step S1201, device driver 54 forwards the
user's job to the device 6. The device 6, per step S1202,
asks whether the user's access policy information is
included along with the job request. If the user's access
policy information is not included along with the job
request, then step S1203 causes an error message to be
sent back to the driver 54, denying the user access to the
requested services/features.

[0052] If the user's access policy information is included
along with the job request, then step S1204 proceeds
to determine the user's level of access based on the
received access policy information. In step S1205, the
device 6 compares or tests the requested services/features
against the user's level of access to determine
whether the user's request conforms to the user's level
of access. A determination that the user's job request
does not conform to the user's determined level of
access results in an error message, per step S1206, that
is sent to driver 54, thus denying the user's job request.
Should the inquiry in step S1205 result in the
determination that the user's job request does conform to
the user's determined level of access, then step S1207
causes the device 6 to perform the requested job.

[0053] Server 8 is configured to provide access policy
information for a walk-up user and preferably for all
enterprise users (i.e., walk-up and remote users) once the
user has been authenticated by server 8.

[0054] Figure 13 illustrates a flow diagram of process
steps of a server to manage and/or control access to the
device by a remote user or walk-up user according to
the present invention. In step S1301, server 8 awaits an
access policy request and authentication information
from the device 6 or driver 54. In step S1302 the
authenticator 48, located on the server 8, retrieves
authentication information from directory service 47. In step
S1303, the retrieved information is compared or tested
against the user authentication information received per
step S1301. Step S1304 inquires into whether the user has
been successfully authenticated. If the user is
unsuccessful in obtaining authentication then step S1305
causes an "access denied" message to be sent from the
server 8. If the user is successfully authenticated,
then step S1306 causes the user's access policy
information to be sent from the server 8.
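
The server-side steps of Figure 13, combined with the challenge and response mechanism mentioned for step S1103, can be sketched as follows. This is an added example, not code from the patent; the HMAC-SHA256 response, the in-memory directory, and all names and values are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for directory service 47: a per-user secret and an
# access policy per device. All names and values are made up.
DIRECTORY = {
    "alice": {
        "secret": b"alice-constructed-secret",
        "policy": {"device6": {"scopy": ["copy", "paper selection"],
                               "scanftp": []}},
    },
}


class Authenticator:
    """Steps S1301 to S1306 with a one-time challenge per login attempt."""

    def __init__(self, directory):
        self.directory = directory
        self.pending = {}  # user -> outstanding challenge

    def challenge(self, user):
        # A nonce is issued for unknown users too, so the reply does not
        # reveal which accounts exist.
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return nonce

    def request_policy(self, user, device, response):
        # S1301: access policy request plus authentication information.
        nonce = self.pending.pop(user, None)   # single use, blocks replay
        entry = self.directory.get(user)       # S1302: directory lookup
        secret = entry["secret"] if entry else secrets.token_bytes(32)
        expected = hmac.new(secret, nonce or b"", hashlib.sha256).digest()
        # S1303/S1304: constant-time comparison of expected and received.
        ok = (nonce is not None and entry is not None
              and hmac.compare_digest(expected, response))
        if not ok:
            return {"status": "access denied"}               # S1305
        # S1306. Assumption: no entry for a device means no services.
        return {"status": "ok", "policy": entry["policy"].get(device, {})}


def client_response(secret, nonce):
    """Response computed by device 6 or driver 54 from the user's secret."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()
```

The password itself never crosses the network in this variant, and a captured response cannot be reused because each challenge is consumed on first use.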

[0055] Server 8 may reside locally with respect to
device 6, computing equipment 1, or both. In a case that
the network 7 is the Internet, for example, server 8 may
be remotely located with respect to device 6, computing
equipment 1, or both. Even where server 8 is local, it
may be preferable to use a trusted architecture in which
access policy information that is received from server
8 can be trusted.
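
One way the device-side check of Figure 12 could be combined with the trusted architecture mentioned in paragraph [0055], as an added example that is not part of the patent: server 8 attaches an HMAC tag to the access policy so that device 6 can verify a policy relayed by driver 54. The shared key, the JSON layout and the function names are assumptions.

```python
import hashlib
import hmac
import json

# Assumption: server 8 and device 6 share this key out of band and the
# driver never holds it. The value is constructed for the example.
POLICY_KEY = b"constructed-server-device-key"


def seal_policy(policy, key=POLICY_KEY):
    """Server side: serialize the policy and attach an HMAC-SHA256 tag."""
    body = json.dumps(policy, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).digest()}


def process_job(job, key=POLICY_KEY):
    """Device side: steps S1202 to S1207 for a remotely submitted job."""
    sealed = job.get("policy")
    if sealed is None:                                    # S1202 / S1203
        return "error: no access policy information"
    expected = hmac.new(key, sealed["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sealed["tag"]):
        return "error: access policy not from server"     # added trust check
    policy = json.loads(sealed["body"])
    # Added check: the policy must be bound to this user and this device.
    if policy["user"] != job["user"] or policy["device"] != job["device"]:
        return "error: policy issued for another user or device"
    level = policy["services"]                            # S1204
    allowed = level.get(job["service"])                   # S1205
    if allowed is None or not set(job["features"]) <= set(allowed):
        return "error: access denied"                     # S1206
    return "job performed"                                # S1207


# Constructed sample: bob may use black-and-white printing only on device6.
BOB_POLICY = seal_policy({"user": "bob", "device": "device6",
                          "services": {"print": ["black-and-white"]}})
```

A sealed policy stays valid for as long as the key does, so a deployment would also want an expiry time or a job nonce inside the sealed body.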

[0056] While the invention is described above with
respect to what is currently considered its preferred
embodiment, it is to be understood that the invention is not
limited to that described above. To the contrary, the
invention is intended to cover various modifications and
equivalent arrangements within the scope of the
appended claims.

Claims 

1. A method for controlling access to a networked
peripheral device by a walk-up user, wherein the
networked peripheral device is accessible by both the
walk-up user and a remote user based on centralized
access management information, the method
comprising:

receiving access management information for
the walk-up user at the networked peripheral
device from a centralized location;

determining, at the networked peripheral device,
a level of access to the networked peripheral
device that are available to the walk-up user
based on the received access management
information; and

allowing the walk-up user to access the to the
networked peripheral device based on the
determined level of access.

2. A method according to claim 1, wherein the
networked peripheral device is a multifunction
peripheral device.

3. A method according to claim 1, wherein the access
management information is supplied by an
authentication server once the authentication server
authenticates the walk-up user based on authentication
information received from the networked
peripheral device.

4. A method according to claim 1, wherein a user
interface is devised by the networked peripheral device
that is specific to the determined access level.

5. A method according to claim 1, wherein buttons on
a keypad on the device are enabled and/or disabled
according to the determined access level.

6. A method according to claim 1, wherein the access
management information is supplied by an
authentication server that authenticates both the walk-up
user and the remote user.

7. A method according to claim 3, wherein the
authentication information is a username and/or password.

8. A method according to claim 3, wherein the
authentication information is entered by inserting a smart
card at the networked peripheral device.

9. A method according to claim 6, wherein the access
management information is encrypted.

10. A method according to claim 3, wherein the
authentication information received from the networked
peripheral device is encrypted.

11. A computer-readable memory medium in which
computer-executable process steps are stored, the
process steps for controlling access to a networked
peripheral device by a walk-up user, wherein the
networked peripheral device is accessible by both
the walk-up user and a remote user based on
centralized access management information, wherein
the process steps comprise:

a receiving step to receive access management
information for the walk-up user at the
networked peripheral device from a centralized
location;

a determining step to determine, at the
networked peripheral device, a level of access to
the networked peripheral device that are
available to the walk-up user based on the received
access management information; and

an allowing step to allow the walk-up user to
access the to the networked peripheral device
based on the determined level of access.

12. A computer-executable program code stored on a
computer readable medium, said computer-executable
program code for controlling access to a
networked peripheral device by a walk-up user wherein
the networked peripheral device is accessible by
both the walk-up user and a remote user based on
centralized access management information, said
computer-executable program code comprising:

code to receive access management information
for the walk-up user at the networked
peripheral device from a centralized location;

code to determine, at the networked peripheral
device, a level of access to the networked
peripheral device that are available to the walk-up
user based on the received access management
information; and

code to allow the walk-up user to access the to
the networked peripheral device based on the
determined level of access.

13. An apparatus for controlling access to a networked
peripheral device by a walk-up user, wherein the
networked peripheral device is accessible by both
the walk-up user and a remote user based on
centralized access management information, said
apparatus comprising means for performing the
functions specified in any of Claims 1 to 10.

14. Computer-executable process steps stored on a
computer readable medium, said computer-executable
process steps for controlling access to a
networked peripheral device by a walk-up user wherein
the networked peripheral device is accessible by
both the walk-up user and a remote user based on
centralized access management information, said
computer-executable process steps comprising
process steps executable to perform a method
according to any of Claims 1 to 10.

15. A server for use in controlling access to a networked
peripheral device by a walk-up user, wherein the
networked peripheral device is accessible by both
the walk-up user and a remote user based on
centralized access management information, the
server comprising:

receiving a request for access policy information,
the request including authentication
information;

authenticating the user using the authentication
information; and

transmitting access policy information for the
user, in a case that authentication of the user
is successful.

16. A server according to claim 15, wherein server re- 
trieves authentication information for the user from 
a directory service. 

[Flow diagram, figure label illegible; step labels S301 to S305, S307 and S308. Recoverable box text: non-enterprise user provides authentication information to the device; device transmits authentication information to authenticator; non-enterprise user is authenticated by the authenticator; authenticator transmits "access denied" message to the device; authentication server sends access policy information to the device; device determines user's level of access to services/features based on access policy information; non-network user is allowed access to device consistent with determined level of access.]

EP 1 320 008 A2 




[FIG. 10: flow diagram. Recoverable box text: transmit authentication information to server; determine level of access to services/features based on received access policy; S1007, customize UI based on determined level of access.]

[FIG. 11: flow diagram. Recoverable box text: device driver requests access policy information for the user and for device from server and provides authentication information to server; server transmits access policy information for the user; driver sends job to device along with access policy information; S1106, device determines user's level of access based on access policy information; S1107, job conforms to (remainder of box text missing); device performs job according to the determined level of access.]

[Fragment of a further flow diagram: "from directory service".]